Equipment/Denning: Difference between revisions

From London Hackspace Wiki
(spacefed and ldap is here)
(remove netboot stuff)
Line 25: Line 25:


Runs zone minder, see below.
Runs zone minder, see below.
Also a netboot server, provides:
* Diskless i386 and amd64 debian wheezy
* Rescue and Install for debian wheezy.
* partition magic
* memtest
* [http://www.dban.org/ dban]
* [http://linux.voyage.hk/ Voyage] (a minimised debian disto that can run from readonly media) '''Warning''' : the Voyage auto install kernel will '''reformat''' things they are booted on ''without prompting''.


Also runs [http://www.ansibleworks.com/docs/intro_getting_started.html ansible] for setting up machines in the space.
Also runs [http://www.ansibleworks.com/docs/intro_getting_started.html ansible] for setting up machines in the space.
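Review bot: the removed netboot list held the only warning that the Voyage auto install kernel reformats whatever it is booted on without prompting. If Voyage images are still served from another machine, that warning should move to that machine's page rather than disappear with this edit.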
Line 68: Line 59:


Has only a single mechanical harddrive so vulnerable to data loss.
Has only a single mechanical harddrive so vulnerable to data loss.
Maybe look at adopting this for netboot stuffs: https://github.com/askarel/Pantoufle
=== nfs ===
Denning runs a few diskless nfs clients via pxe etc, unfortunatly nfs dosn't work very well, and i don't know why.
* The kernel used nfs v3 over tcp
* the mount works on my laptop (manual mounting)
* dosn't work on the spaces "windows" laptop (when netbooting)
* dosn't work on new colin (?) (when netbooting)
* i386 seems to work (?)
* but i386 has a newer kernel...
==== linkdump:====
* https://lists.gnu.org/archive/html/ltib/2010-08/msg00103.html
* https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt
==== todo ====
* Try other machines incase it's a wierd nic driver bug
* Try more i386 vs. amd64.
* Upgrade kernel on the amd64 diskless image


== Ansible procedures ==
== Ansible procedures ==
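Review bot: the nfs section is removed with its todo list still open (other machines, i386 vs. amd64, kernel upgrade on the amd64 diskless image) and its two reference links. The summary only says "remove netboot stuff"; it should say whether the diskless clients were retired or moved, and if they moved, the notes belong on the new host's page.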

Revision as of 20:08, 20 October 2014

Denning
Model: Nexcom DNA1110
Sub-category: Systems
Status: Good working order
Training requirement: yes
Training link: Unknown
ACnode: no
Owner: LHS
Origin: donation from Tgreer
Maintainers: Sysadmin team

Denning

Runs the non-vital services that used to run on Boole. Might get used for other stuff as well. Same hardware as Boole.

Runs the spacefed node for the space (via a freeradius server) and has an LDAP server. The LDAP db is replicated from Turing.

Runs zone minder, see below.

Also runs ansible for setting up machines in the space.

Zoneminder/cctv

Has an 8 port video capture card in it. It's currently connected to the 3 yard cameras and the rear lobby camera. The other 4 inputs are disabled until we put more cameras up.

The card is one of these (or a clone):

The modprobe.d settings I'm using are:

options i2c-algo-bit bit_test=1
options tuner debug=1
options bttv gbuffers=16 card=102,102,102,102,102,102,102,102 radio=0,0,0,0,0,0,0,0 tuner=4,4,4,4,4,4,4,4 audiodev=-1,-1,-1,-1,-1,-1,-1,-1 v4l2=1 bttv_verbose=1 chroma_agc=1 combfilter=2 full_luma_range=1 coring=1

Each input is configured with:

  • fps: 10
  • alarm fps: 25
  • palette: BGR24
  • resolution: 640 x 480

This might just about work with all 8 inputs; we may have to drop the resolution to 360 x 288.

The old card.

Issues

Has only a single mechanical hard drive, so it is vulnerable to data loss.

Ansible procedures

Using Ansible with a Raspberry Pi

dd raspbian image (use the 02-09 one to avoid usb issues)
boot pi
watch dhcp logs on boole
ssh pi@ip
passwd: raspberry

sudo raspi-config
update it
expand filesystem
change password
boot to console
advanced options -> hostname

cd /etc/network
edit interfaces to get a static ip
reboot

on boole:

add hostname to fwd and rev. dns, don't forget to commit your changes.

log into denning with ssh keys forwarded

add hostname to /etc/ansible/hosts in both the [lhshosts] and [rpis]
sections, and [doorbot] if it's a doorbot, make the syslocation="something sensible"

then:

if it's a replacement for an old machine then:

ssh-keygen -R hostname
ssh-keygen -R hostname.lan.london.hackspace.org.uk
ssh-keygen -R ipv4 address (?)
ssh-keygen -R ipv6 address (?)

then:

cd /etc/ansible

install python-apt which ansible needs:

ansible -vvv -u pi -k -s -m command -a "apt-get -y install python-apt" "hostname"

Then run it

ansible-playbook -u pi -s -k -l "hostname" lhs/site.yml

The 2nd one will add our users, ssh keys, packages, etc etc.

notes:

Not sure how resolv.conf gets set up, I thought having:

iface eth0 inet static
        [...]
        dns-nameservers 172.31.24.2
        dns-search lan.london.hackspace.org.uk

Would sort it, but maybe that doesn't and we got lucky from dhcp?

The dns stuff in /etc/network/interfaces appears to be bogus and resolv.conf needs to be
done manually, add to ansible.


Removing an admin

edit /etc/ansible/lhs/vars/defaults.yml, remove them from users, add them to disable_users, then re-run ansible.

Ansible Troubleshooting

problem: ansible dies in the snmp config because it can't find a default ipv4 address.
fix: make sure the machine has an ipv4 default route.
problem: the sshfp stuff just has hostname. rather than hostname.lan.london.hackspace.org.uk.
fix: edit /etc/hosts on the affected machine so that both the long and short versions of the hostname are in there.
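
A pre-flight check for the failure modes in the notes and troubleshooting entries above (no ipv4 default route, /etc/hosts missing the long or short name, resolv.conf not set up), as an added example that is not part of the wiki or its playbooks. The function names and the `run` argument are made up; it goes one step beyond the page by requiring the long name to come first on the /etc/hosts line, since the first name on a line is the one the machine reports as its full hostname.

```sh
#!/bin/sh
# Added example (not from the wiki): checks to run on a new host before
# ansible-playbook. Function names are made up; DOMAIN and RESOLVER are
# the values quoted on this page.
DOMAIN="lan.london.hackspace.org.uk"
RESOLVER="172.31.24.2"

# stdin: output of `ip -4 route show`. True if there is a default route.
has_default_route() {
    grep -q '^default '
}

# $1: hosts file, $2: short hostname. True if one line names both the long
# and the short form, long form first (the first name is the canonical one).
hosts_names_ok() {
    awk -v s="$2" -v l="$2.$DOMAIN" '
        { sub(/#.*/, ""); si = 0; li = 0 }      # drop comments, reset per line
        { for (i = 2; i <= NF; i++) {           # field 1 is the address
              if ($i == s && !si) si = i
              if ($i == l && !li) li = i } }
        li && si && li < si { ok = 1 }
        END { exit !ok }' "$1"
}

# $1: resolv.conf. True if it uses the space resolver and search domain.
resolv_ok() {
    awk -v r="$RESOLVER" -v d="$DOMAIN" '
        $1 == "nameserver" && $2 == r { ns = 1 }
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) if ($i == d) sd = 1 }
        END { exit !(ns && sd) }' "$1"
}

# Check the live machine; prints one line per failure, returns their count.
preflight() {
    host=$(hostname -s); fails=0
    ip -4 route show | has_default_route ||
        { echo "no ipv4 default route"; fails=$((fails + 1)); }
    hosts_names_ok /etc/hosts "$host" ||
        { echo "/etc/hosts needs: <ip> $host.$DOMAIN $host"; fails=$((fails + 1)); }
    resolv_ok /etc/resolv.conf ||
        { echo "resolv.conf needs nameserver $RESOLVER, search $DOMAIN"; fails=$((fails + 1)); }
    return "$fails"
}

# Live checks run only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

Run it on the new machine after the static ip is set and before the ansible-playbook step; a non-zero exit status is the number of checks that failed.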